SCADA
by Elipse
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-12634 | | Cri | 0.71 | 9.8 | 0.58 | | Jun 22, 2018 | CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. |
| CVE-2024-9414 | | Hig | 0.46 | — | 0.01 | | Oct 17, 2024 | In LAquis SCADA version 4.7.1.511, a cross-site scripting vulnerability could allow an attacker to inject arbitrary code into a web page. This could allow an attacker to steal cookies, redirect users, or perform unauthorized actions. |
| CVE-2018-17897 | | | 0.01 | — | 0.06 | | Oct 17, 2018 | LAquis SCADA Versions 4.1.0.3870 and prior has several integer overflow to buffer overflow vulnerabilities, which may allow remote code execution. |
| CVE-2021-33025 | | | 0.00 | — | 0.00 | | May 16, 2022 | xArrow SCADA versions 7.2 and prior permits unvalidated registry keys to be run with application-level privileges. |
| CVE-2021-33001 | | | 0.00 | — | 0.01 | | May 16, 2022 | xArrow SCADA versions 7.2 and prior is vulnerable to cross-site scripting due to parameter ‘bdate’ of the resource xhisvalue.htm, which may allow an unauthorized attacker to execute arbitrary code. |
| CVE-2020-25188 | | | 0.00 | — | 0.02 | | Oct 14, 2020 | An attacker who convinces a valid user to open a specially crafted project file to exploit could execute code under the privileges of the application due to an out-of-bounds read vulnerability on the LAquis SCADA (Versions prior to 4.3.1.870). |
| CVE-2019-10994 | | | 0.00 | — | 0.01 | | Aug 5, 2019 | Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information. The attacker must have local access to the system. A CVSS v3 base score of 2.5 has been calculated; the CVSS… |
| CVE-2019-10980 | | | 0.00 | — | 0.01 | | Aug 5, 2019 | A type confusion vulnerability may be exploited when LAquis SCADA 4.3.1.71 processes a specially crafted project file. This may allow an attacker to execute remote code. The attacker must have local access to the system. A CVSS v3 base score of 7.8 has been calculated; the CVSS… |
| CVE-2019-6536 | | | 0.00 | — | 0.01 | | Mar 27, 2019 | Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process. |
| CVE-2014-5429 | | | 0.00 | — | 0.01 | | Dec 6, 2014 | DNP Master Driver 3.02 and earlier in Elipse SCADA 2.29 build 141 and earlier, E3 1.0 through 4.6, and Elipse Power 1.0 through 4.6 allows remote attackers to cause a denial of service (CPU consumption) via malformed packets. |